I have a customer that supposedly is infected by some variant of the Storm Worm. Apparently it sends out a port 80 TCP SYN flood, or an ICMP ping flood, or it sets up a server FTP thread and scans IP addresses.
Can I just limit the number of packets like this a customer is generating per minute? Also, log them when the limit is exceeded so I know what time it is happening?
They thought they had it fixed but now it's back and there are a lot of PCs on their network, I hear.
Matt